DREUBEN@eagle.wesleyan.edu) (DOUGLAS SCOTT REUBEN) (06/19/89)
Hello! If anyone out there ever has had to use NTS (National Telephone Sys., I think) from a COCOT or hotel or for whatever reason and not been able to get a hold of an AT&T operator, there is a trick you can use, although it may not get you a human AT&T operator. From what I understand, all the LD services (AT&T, MCI, Sprint, etc.) and the AOS firms (ITI, NTS, etc.) are charged for accessing the national calling card database (or whatever the system is called) for verifying a calling card. AT&T is supposedly charged $.07 per call, while the AOS firms are charged something like $.40. This is one of the reasons they cite when they defend their higher rates. In any event, many AOS firms don't really check. ITI (International Telecharge) just checks to make sure the card "looks" valid, ie, a real area code, a real exchange in that area code, and a somewhat valid looking calling card PIN number. During busy hours, they are less careful, as I've entered "wrong" PINs and totally wrong numbers at times and it went through fine. Late at night they check more often, and frequently a false PIN that was accepted at 5PM won't work at 11PM the same evening. NTS, on the other hand, seems to be doing something that I, as an AT&T customer, find *very* disturbing. When I use an NTS payphone, I get the NTS "boing" tone to enter my calling card number. After that, NTS says "please wait for card verification". I hear lots of clicks, and after a minute or so, the call goes through, and you hear "Thank you for using NTS". Sounds normal, right? Fine, but enter an INVALID card number, and see what happens then. You go through the normal routine, ie, tone, then a long period of clicks, but rather than say "Invalid number" or whatever, you hear the *AT&T* system come on and say "Please dial your card number again now, the card number you have dialed in not valid". THEN, if you enter a VALID AT&T/Bell card number, you hear "Thank you for using AT&T"!!! It seems what NTS is doing is using AT&T's calling card system to verify calls for them, and then place the call over NTS after they use AT&T to check! Here's what I think happens: 1. Caller calls NTS with a 0+ call. 2. NTS gets the card number info, and then dials (via AT&T) 0+ac-dest number, waits for the AT&T tone, and then dials your card number. If the NTS system hears "Thank you for using AT&T" (or knows that a valid AT&T card gets a response faster than an invalid one), it hangs up, and places the call over NTS lines, so you don't get billed via AT&T. 3. If the call is invalid, it frequently leaves the line open so you can hear the invalid message from AT&T. You can THEN enter your real number, and get billed via AT&T (but the location may be different from where the payphone is physically located, as the NTS center is probably not near the payphone, and the call is sent out from the NTS center, not the payphone.) I've tried this a few times, and it always happens this way. I've also entered an invalid number, and then gotten the AT&T "please re-enter" recording, dialed in my AT&T card, and was later billed by AT&T with no mention of NTS. The call also came from Maryland, if I recall correctly, although I was in Springfield, Mass, calling to Boston. Has anyone had similar experiences with NTS? Is my supposition correct? Is NTS using AT&T to verify card calls, thus saving at least $.40 per call and running up AT&T's bill instead? Is this legal? Does AT&T know about this? Well, thought I'd pass the results of my experiences with NTS along and see what anyone can come up with... -Doug dreuben%eagle.weslyn@wesleyan.bitnet dreuben@eagle.wesleyan.edu (and just plain old "dreuben" to the few locals left...! :-) ) (about 5 now, right?)
pdg@chinet.chi.il.us (Paul Guthrie) (06/20/89)
In article <telecom-v09i0203m01@vector.dallas.tx.us> DREUBEN@eagle.wesleyan.edu (DOUGLAS SCOTT REUBEN) writes: > From what I understand, all the LD services (AT&T, MCI, Sprint, etc.) >and the AOS firms (ITI, NTS, etc.) are charged for accessing the >national calling card database (or whatever the system is called) >for verifying a calling card. AT&T is supposedly charged $.07 per >call, while the AOS firms are charged something like $.40. This is >one of the reasons they cite when they defend their higher rates. Not true. AT&T has their own database. The actual charges for AOSs and other such companies is closer to 15c. It may range as high as 30 depending upon the charges imposed by the BOC, LEC or independant. The overhead charges imposed by the database providers (such as NDC) are generally constant. As I stated in an earlier message, some cards (generally corporate cards) are not in any databases. Also, the mechanisms to get the data used by AOSs (most often dedicated slow-speed modem lines) are slower than those used by AT&T. >In any event, many AOS firms don't really check. ITI (International >Telecharge) just checks to make sure the card "looks" valid, ie, >a real area code, a real exchange in that area code, and a somewhat >valid looking calling card PIN number. During busy hours, they are >less careful, as I've entered "wrong" PINs and totally wrong numbers >at times and it went through fine. Late at night they check more >often, and frequently a false PIN that was accepted at 5PM won't >work at 11PM the same evening. Knowing their software, I don't think that this is true. They simply do a LERG checkup on the NPA+COC (actually another database similar to the LERG that include pseudo NPAs for corporate cards), and run an algorithm on certain numbers to check that the PIN is possible, but not necessarily valid. They may have added some sort of after the fact PIN verification on often used numbers recently that could explain the above behaviour. AOSs are not as concerned about fraud (so far) as they are about unbillable billing numbers that may constitute as much as 20% of attempted calls, depending on whether they have individual billing arangements, or through a reseller such as OAN. >NTS, on the other hand, seems to be doing something that I, as an >AT&T customer, find *very* disturbing [Description of method deleted]. >It seems what NTS is doing is using AT&T's calling card system to verify >calls for them, and then place the call over NTS after they use AT&T >to check! You are quite observant. I did explain this in an earlier TELECOM message, but your description hits on the nose what they do. Simply they use voice detection, timing and AT&Ts network to verify calling cards for free. My belief is that this is only done from payphones now, as they got into trouble from doing this from their switches.... payphones are harder to detect. Using this and a valid/invalid cache and they could get reasonable response from repeat customers. There is a device being sold that specifically does this for COCOT type payphones. It is line powered,stores up to a hundred or so CC numbers, and then dials into a special station to deliver call records via DTMF. At less than $200 per payphone, it lets COCOT owners bypass AOS rates and capture the best 80% of their traffic themselves. It also uses this slimy verification tecnique, all the while providing ringback to pretend that the call is going through. The receiver station uses Dialogic boards (they are on the net somewhere) to handle DTMF reception. Anyway, this misuse of the network will most likely become more and more prevelant until some leglislation is passed against it, but even then, it would be hard to prove on a case as small as a payphone. On another note, a discussion in sci.electronics has been going on about payphone phreaking. It might be worth looking at, as I imagine most people on this list are interested. It misses most of the anti-COCOT techniques like chain dialing, and all of the sophisticated methods, but does mention (but not explain - the author had no technical info) a case where a NY airport phone was giving free international calls. Here's how this one worked (and I do mean workED - otherwise I wouldn't post). One specific payphone type, when dialing in a 0, would put itself into infinate time/no money mode (natural for operator calls), whereupon it "cut through" to the switch. The switch had slower timing, so if you dialed in 11 immediately, followed by your international number, you got a free call. It didn't take long for this to be found! -- Paul Guthrie chinet!nsacray!paul